A 21-year-old man from Sydney has been charged with helping run a credential-selling service following a bust by the Australian Federal Police (AFP).
The man was charged for his alleged involvement with the website WickedGen.com, which sold stolen account details for online subscription services, including Netflix, Spotify and Hulu, over a two-year period.
The AFP raided a home in the Sydney suburb of Dee Why on 12 March, where they seized various amounts of cryptocurrencies and “electronic materials”.
Conducted alongside the Federal Bureau of Investigation (FBI), the investigation claimed WickedGen.com obtained stolen or leaked usernames, email addresses and corresponding passwords from customers in Australia and the United States.
“Individuals in Australia have had their personal data stolen for the sake of individual greed,” AFP manager cyber crime acting Commander Chris Goldsmid said. “These types of offences can often be a precursor to more insidious forms of data theft and manipulation, which can have greater consequences for the victims involved.”
Prior to its closure, the website claimed it had over 120,000 users and almost one million sets of account details.
Police will allege the administrator of WickedGen made an estimated $300,000 selling the stolen account subscriptions through this website, and other similar sites identified through the course of investigations.
The man is due to appear in Sydney Central Local Court on 13 March where he faces several charges.
These include unauthorised access to, or modification of, restricted data; providing a circumvention service for a technological protection measure; dealing in the proceeds of crime; false or misleading information contrary to anti-money laundering legislation; and dealing in identification information.
“We are working closely with the affected companies and thank them for their cooperation with investigations to date,” Goldsmid added.
Australian agencies recently joined forces with the FBI to tackle an Eastern European-based cyber crime network.
The operation saw three Ukrainians arrested on criminal hacking charges including stealing payment card numbers, in attacks on more than 100 U.S. companies that cost businesses tens of millions of dollars.